Security Analysis

Technical explanation

Sensitive operations involving your passphrase, your private key, and the bodies of your emails are performed by the Encryption Engine component. When you access your email, the Encryption Engine is activated on the web server. Your web browser communicates with the web server over an encrypted SSL connection and instructs the Encryption Engine to perform encryption, decryption, and signature functions using your private key and passphrase.

Details on what is protected

| Type of Information | Level of Protection |
|---|---|
| Source of random data when creating new PGP keys | Entropy collected on the server |
| Passphrase encrypted in transmission from browser to web server | SSL |
| Passphrase encrypted in storage on web server | SHA256 |
| Passphrase decrypted on web server | The passphrase is used in decrypted form on the web server to decrypt the private key |
| Private key encrypted in transmission between browser and web server | Private key not transmitted |
| Private key encrypted in storage | PGP |
| Private key decrypted on web server | Private key decrypted and used on server for decrypting and signing messages (for the duration of your session) |

The following examples apply to emails sent using public key encryption: